Today in the
Imperfect Lab I'm going to work on some clean up to improve the manageability
of my new domain controllers. Since I have two of them, I want to take
advantage of the Azure's service level agreement. The only way to ensure that Azure keeps at
least one DC running at all times is to create an availability set, which will
distribute the VMs within a set across different update and fault domains.
Some notes about Availability Sets - VMs must be in the same cloud service and you can have a maximum of 50 in each set. You will find that your machines are spread across 2 fault domains and upwards of 5 update domains. Also, avoid creating a set with just one machine it, because once you create a set you won't get notifications about maintenance regarding those update/fault areas.
Some notes about Availability Sets - VMs must be in the same cloud service and you can have a maximum of 50 in each set. You will find that your machines are spread across 2 fault domains and upwards of 5 update domains. Also, avoid creating a set with just one machine it, because once you create a set you won't get notifications about maintenance regarding those update/fault areas.
Since my machines
have already been created I use the following PowerShell to update them with a
set named "ADDC".
Get-AzureVM
-ServiceName "imperfectcore" -Name "dc-cloud1" |
Set-AzureAvailabilitySet
-AvailabilitySetName "ADDC" |
Update-AzureVM
Get-AzureVM
-ServiceName "imperfectcore" -Name "dc-cloud3" |
Set-AzureAvailabilitySet
-AvailabilitySetName "ADDC" |
Update-AzureVM
If you want a quick
gander at all the availability sets that exist in your subscription, run this:
(Get-AzureService).servicename
| foreach {Get-AzureVM -ServiceName $_ } | select name,AvailabilitySetName
Since the GUI does
hold a fond place in my heart, I do want the dashboard of Server Manager on one
of the VMs to show the status of all the servers in the domain. You'll notice that if you log into the
desktop of one of these newly created servers the "Remote Management"
will be disabled. This needs to be
enabled to allow management from other services, so run "winrm quickconfig -q"
against each server to turn that on. You
will have to start a PS-Session for each server for that.
Finally, since I
expect to reduce the amount of times I'm logging into a machine directly, I'm
going to take switch one of the DCs to Server Core and the other to the
MinShell format. These
commands do take a while to complete and require a restart to complete the
configuration, so don't panic if you can't connect to what looks like
"running" VMs in Azure for a few minutes after reboot.
For Server Core
(from a Machine running the Full GUI):
Remove-WindowsFeature
-name User-Interfaces-Infra
Restart-Computer
-Force
For MinShell (from a
Machine running the Full GUI):
Remove-WindowsFeature
-name Server-GUI-Shell
Restart-Computer
-Force
With the MinShell
installation I will still have access to the nice Server Manager dashboard when
I want it and will be able to remotely manage the 2nd domain controller from
it. The list below will show the differences
between each of the versions. (Click to make it bigger!)
-small.jpg)
No comments:
Post a Comment